Right of privacy
Overview The concept of privacy is colored by the history, culture, and political system of a particular people. Although privacy is a value that has always been regarded as fundamental, its meaning is often unclear. Privacy includes concerns about autonomy, individuality, personal space, solitude, intimacy, anonymity, and a host of other related concerns. There have been many attempts to give meaning to the term for policy purposes. In 1890, Samuel Warren and Louis Brandeis defined it as “the right to be let alone.” In 1967, Alan Westin defined it as “the claim of individuals, groups, or institutions to determine for themselves when, how and to what extent information about them is communicated to others.” This latter definition served as the basis for the Privacy Act of 1974. OECD The OECD Guidelines on the Protection of Privacy and Trans-Border Flows of Personal Data are: 1. Collection Limitation Principle: “There should be limits to the collection of personal data and any such data should be obtained by lawful and fair means and, where appropriate, with the knowledge or consent of the data subject”; 2. Data Quality Principle: “Personal data should be relevant to the purposes for which they are to be used, and, to the extent necessary for those purposes, should be accurate, complete and kept up-to-date”; 3. Purpose Specification Principle: “The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfillment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose”; 4. Use Limitation Principle: “Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Purpose Specification Principle except: :a. with the consent of the data subject; or :b. by the authority of law”; 5. Security Safeguards Principle: “Personal data should be protected by reasonable security safeguards against such risks as loss or unauthorised access, destruction, use, modification or disclosure of data”; 6. Openness Principle: “There should be a general policy of openness about developments, practices and policies with respect to personal data. Means should be readily available of establishing the existence and nature of personal data, and the main purposes of their use, as well as the identity and usual residence of the data controller”; 7. Individual Participation Principle: “An individual should have the right: :a. to obtain from a data controller, or otherwise, confirmation of whether or not the data controller has data relating to him; :b. to have communicated to him, data relating to him ::i. within a reasonable time; ::ii. at a charge, if any, that is not excessive; ::iii. in a reasonable manner; and ::iv. in a form that is readily intelligible to him; :c. to be given reasons if a request made under subparagraphs(a) and (b) is denied, and to be able to challenge such denial; and :d. to challenge data relating to him and, if the challenge is successful to have the data erased, rectified, completed or amended”; 8. Accountability Principle: “A data controller should be accountable for complying with measures which give effect to the principles stated above.” United Nations Guidelines for the Regulation of Computerized Personal Files of 1990 The United Nations Guidelines for the Regulation of Computerized Personal Files of 1990 recognize many of the same rights in information as the OECD Privacy Guidelines, providing in addition that “data likely to give rise to unlawful or arbitrary discrimination, including information on racial or ethnic origin, colour, sex life, political opinions, philosophical and other beliefs . . . should not be compiled.”United Nations, G.A. Res. 45/95, Guidelines for the Regulation of Computerized Personal Files (Dec. 14, 1990). United States Constitutional Law The U.S. Constitution makes no explicit mention of a right of privacy, and the "zones of privacy" recognized by the Supreme Court are very limited. The Fourth Amendment "search and seizure" provision protects a right of privacy by requiring warrants before government may invade one's internal space or by requiring that warrantless invasions be reasonable. However, "the Fourth Amendment cannot be translated into a general constitutional ‘right to privacy.’ That Amendment protects individual privacy against certain kinds of governmental intrusion, but its protections go further, and often have nothing to do with privacy at all."Katz v. United States, 389 U.S. 347, 350 (1967). Similarly, the Fifth Amendment's self-incrimination clause was once thought of as a source of protection from governmental compulsion to reveal one's private papers,Boyd v. United States, 116 U.S. 616, 627-630 (1886). but the Court has refused to interpret the self-incrimination clause as a source of privacy protection.Fisher v. United States, 425 U.S. 391, 399 (1976). First Amendment principles also bear on privacy, both in the sense of protecting it,See, e.g., Frisby v. Schultz, 487 U.S. 474 (1988) (using privacy rationale in approving governmentally-imposed limits on picketing of home). but more often in terms of overriding privacy protection in the interests of protecting speech and press.See, e.g., Florida Star v. B. J. F., 491 U.S. 524 (1989) (newspaper could not be liable for violating state privacy statute when it published the name of a rape victim that it had lawfully obtained through public sources). Finally, the due process clause of the Fifth and Fourteenth Amendments, to some degree, may be construed to protect the "liberty" of persons in their privacy rights in cases that implicate “fundamental rights,” or those “implicit in the concept of ordered liberty” such as marriage, procreation, contraception, family relationships, child rearing, and education.See, e.g., Paul v. Davis, 424 U.S. 693, 713-14 (1976). In an important decision in Whalen v. Roe,''429 U.S. 589 (1977). the Supreme Court recognized a "right of informational privacy." ''Whalen concerned a New York law that created a centralized state computer file of the names and addresses of all persons who obtained medicines containing narcotics pursuant to a doctor’s prescription. Although the Court upheld the state’s authority, it found this gathering of information to affect two interests. The first was an “individual interest in avoiding disclosure of personal matters”; the other, “the interest in independence in making certain kinds of important decisions.”''Id.'' at 592-93. These two interests rest on the substantive due process protections found in the Fifth and Fourteenth Amendments. Similarly, in Griswold v. Connecticut,''381 U.S. 479 (1965). the Supreme Court recognized a limited constitutional right applicable to certain intimate decisions related to family or marital matters. Common Law Perhaps the most widely quoted definition of privacy is from the classic 1890 law review article by Samuel D. Warren and Louis D. Brandeis, titled "The Right to Privacy”4 Harv. L. Rev. 193 (1890).: :Privacy is the right to be let alone.''Id. at 205. Privacy expert Alan Westin defined information privacy as the claim of individuals, groups or institutions to determine for themselves when, how, and to what extent information about them is communicated to others. Alan Westin, Privacy and Freedom 7 (1976). See also Alan Westin, The Equifax Report on Consumers in the Information Age XVIII (1990). Later when Brandeis was on the U.S. Supreme Court he referred to privacy as "the most comprehensive of rights, and the right most valued by civilized men.”Olmstead v. United States, 277 U.S. 438, 478 (1928) (Brandeis, J., dissenting). In 1960, distinguished jurist, William Prosser, concluded that no right to privacy existed under U.S. constitutional law, but identified four categories of tortious invasions of privacy.See William Prosser, "Privacy," 48 Cal. L. Rev. 383 (1960). Prosser's torts included: (i) intrusion upon the individual's seclusion or solitude, or into his private affairs; (ii) public disclosure of embarrassing private facts about the individual; (iii) publicity that places the individual in a false light in the public eye; and (iv) appropriation, for another person's advantage, of the individual's name or likeness. Id. More recently, the U.S. Department of Commerce wrote: :There is no single privacy law in the United States, rather, U.S. privacy law is a patchwork of constitutional, statutory, regulatory, and common law protections. While the Supreme Court has held that the Fourth Amendment restricts the ability of government to collect information from places in which an individual has a reasonable expectation of privacy, there is no constitutional right to be free from analogous intrusions by private parties. Tort law limits intrusive collection of private information, penalizes unwarranted disclosure of erroneous information about individuals. A number of statutes, at both the federal and state level, protect individuals from governmental misuse of personal information, while other statutes adopt "fair information principles" for private sector record keepers in specific industries.Department of Commerce, Inquiry on Privacy Issues Relating to Private Sector Use of Telecommunications-Related Personal Information, 59 Fed. Reg. 6841, 6843 (Feb. 11, 1994) (footnotes omitted). In 1974, Congress established the Privacy Protection Study Commission to undertake a broad study of whether privacy rights were being adequately protected in the emerging information society. In its final report, issued in 1977, the Commission concluded that federal privacy laws should advance three concurrent policy goals — :* To minimize intrusiveness by creating a proper balance between what an individual is expected to divulge to a record-keeping organization and what he or she seeks in return; :* To maximize fairness by opening up record-keeping operations in ways that will minimize the extent to which recorded information about an individual is itself a source of unfairness in any decision about him or her; and :* To create legitimate, enforceable expectations of confidentiality by creating and defining obligations with respect to the uses and disclosures that will be made of recorded information about an individual. "Today . . . there have been further advances in telecommunications and information technology. Given the proliferation of computerized data collection and the prospect of converging technologies — computers, telephones, and mass media — it is time to reconsider what privacy means in developing electronic communities."Id. More recently, one commentator has defined privacy as a :broad, all-encompassing concept that envelops a whole host of human concerns about various forms of intrusive behavior, including wiretapping, surreptitious physical surveillance, and mail interception. Individuals claim a right of privacy for an enormously wide range of issues, from the right to practice contraception or have an abortion to the right to keep bank records confidential.See David Flaherty, Protecting Privacy in Surveillance Societies (1989). Statutory Law There is no comprehensive federal statute that protects the privacy of personal information held by the public sector and the private sector. Instead federal law tends to employ a sectoral approach to the regulation of personal information. Statutes relating to the federal government's collect, storage and use of personal information include: * The Privacy Act of 1974 * The Paperwork Reduction Act of 1980 * The E-Government Act of 2002 * The Homeland Security Act of 2002, which directed the Secretary of the Department of Homeland Security to designate a senior official with primary responsibility for privacy policy. * The Intelligence Reform and Terrorism Prevention Act of 2004,Pub. L. No. 108-458 (Dec. 17, 2004). which required the Director of National Intelligence to appoint a Civil Liberties Protection Officer and assigned this individual specific privacy responsibilities. The Act establish an information sharing environment to facilitate the sharing of terrorism-related information with protections for privacy and civil liberties. * The Violence Against Women and Department of Justice Reauthorization Act of 2005, which instructed the Attorney General to designate a senior official with primary responsibility for privacy policy. * The Transportation, Treasury, Independent Agencies and General Government Appropriations Act of 2005, which directed each agency whose appropriations were provided by the ActThe Transportation, Treasury, Independent Agencies and General Government Appropriations Act of 2005 applies to the Department of Transportation, Department of Treasury, Executive Office of the President, Architectural and Transportation Barriers Compliance Board, Election Assistance Commission, Federal Election Commission, Federal Labor Relations Authority, Federal Maritime Commission, General Services Administration, Merit Systems Protection Board, Morris K. Udall Scholarship and Excellence in National Environmental Policy Foundation, National Archives and Records Administration, National Historical Publications and Records Commission, National Transportation Safety Board, Office of Government Ethics, Office of Personnel Management, Office of Special Counsel, U.S. Postal Service, and U.S. Tax Court. to designate a CPO with primary responsibility for privacy and data protection policy. * The Implementing Recommendations of the 9/11 Commission Act of 2007, which recommended that the sharing and uses of information be guided by a set of practical policy guidelines that would simultaneously empower and constrain officials, closely circumscribing what types of information they would be permitted to share as well as the types of information they would need to protect. It instructed the heads of the Department of Defense, Department of Homeland Security, Department of Justice, Department of Treasury, Department of Health and Human Services, and Department of State, as well as the Office of the Director of National Intelligence and the Central Intelligence Agency to designate no less than one senior officer to serve as a privacy and civil liberties officer.This law grants the Privacy and Civil Liberties Oversight Board authority to require any other agency or element of the executive branch to establish a privacy and civil liberties officer. Further, this law specifies that if covered agencies have another statutorily designated privacy officer, this officer must also undertake the responsibilities described in the Act. Universal Declaration of Human Rights The Universal Declaration of Human Rights, Art. 12 states: :No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks.United Nations, Universal Declaration of Human Rights, G.A. Res. 217A(III), U.N. GAOR, 3d Sess., U.N. Doc. A/810 (1948), art. 12. References See also * Information privacy * Internet privacy * Invasion of privacy Category:Privacy